Data protection

Start of main content

In general and for most processing, this will be Banca March, S.A. (hereinafter referred to as "Banca March"), with tax code number A-07004021 and registered office at Avenida Alexandre Rosselló 8, Palma, Balearic Islands, Spain.

As part of its relationship with its customers, Banca March may process any of the following types of personal data.

  • Identification and contact data (including postal and email addresses).
  • Log in data to access and perform transactions using the online banking services offered by Banca March.
  • Data regarding the customer's signature (including digitised signature and voice print).
  • Sociodemographic data, such as
    • Nationality.
    • Tax data.
    • Family situation data.
    • Employment information.
    • Professional and academic information.
  • Economic and capital adequacy data
  • Data in relation to transactions performed, such as
    • Data in relation to the arrangement of specific products and services, including banking, financial and transaction data.
    • Bank account or securities data, credit card number, cash transfers, available assets, investor profile and expense patterns.
    • Data in relation to your consumption preferences.
    • Payment data involving cards and specifically, the location of cash withdrawals and payments made.
    • Data on complaints and court proceedings.
    • Data obtained in line with the bank's obligations in relation to anti-money laundering prevention.
    • Telephone conversation data.
    • Video surveillance.
    • Data relating to communications made by interested parties in relation to the Internal Information Channel.

Banca March may also process data indirectly. In other words, the customer provides us with third-party data. This includes:

  • Guarantors.
  • Authorised representatives.
  • Family members.
  • Minors that the customer represents.
  • Individual beneficiaries and company shareholders.
  • Employees of legal entities.
  • End beneficiaries of transactions.
  • Usufructuaries and owners.
  • Potential recipients of communications made within the framework of the use of the Internal information channel.

Banca March may request these details at any time during the contractual relationship. Depending on the product or service arranged, you will be required to provide these data for the application to be processed. The foregoing notwithstanding any other data that may be requested by Banca March pursuant to the applicable regulations at the time of the application; your refusal to provide these data may mean that it is impossible to take out certain products. In the event of use of the Internal Communication Channel, unless the informant opts for anonymity in the registration of the communication, their data may be required by Banca March for each registration of a new communication. Data will jointly be referred to hereinafter as “Personal Data”.

While using the App, customers will be informed that access is needed to certain features in their mobile device so that the specific consent may be granted. In order to authorise and prevent fraudulent use of the application, customers must supply minimum personal data so that their identity may be verified on login. The following permissions need to be granted for the App to be fully functional: 

  • Access to the customer's contacts to notify or transfer cash to a contact using Bizum. A message is shown accepting the necessary permissions for the operation to take place. Otherwise, customers will not be able to select their contacts, and instead will have to enter their beneficiary manually. 
  • Device's geolocation to pinpoint their location on the map, display the nearest ATMs and monitor the application's activity so as to protect users from fraudulent access or operations, and to ensure that the App works correctly. 
  • Biometric data: Fingerprint, voice or facial recognition permissions are not stored in Banca March's systems. They are always subject to customer consent under the terms and conditions of the operating system's manufacturer. 
  • Access to the microphone, only for customers to be able to register their voice and sign certain transactions through this medium, should they wish to. This access will not be used at any other time or for any other purpose. The storage of your voice will not be forwarded to any third parties alien to Banca March and it will be subject to your, that is, the customer’s approval so that it can be deleted at any time upon your request.
  • Registration and signature by voice: Banca March offers its customers the possibility of validating operations through voice biometrics, such as signing transfers. The use of this validation method is subject to the prior, express and informed consent of the client, which may be revoked at any time; and the voice records will be used and stored for the sole purpose of facilitating the validation of operations based on the voice print, and cannot be used for any other purpose or transferred to third parties alien to the service. The client who wants to register or use the voice signature system will have to do so from a physical mobile device previously linked as a trusted device, for which they must be in possession of their coordinates card and the one-time password that will be sent to the mobile phone that has been stored in our database, as well as know the access code to online banking or sign in through biometric data such as fingerprint or facial recognition. Once the trusted device has been linked, it will be necessary for the client to register their voice from that same device after reading and accepting this privacy policy and after granting the application permissions to the microphone, by recording a pattern of speech with their voice as proposed in said process by Banca March. Once their voice has been registered as a signature method, always from the trusted device and previously authenticated in the online banking session by means of password or biometric access, the client will be offered the biometric voice pattern to sign certain operations. However, the use of this signature method will always be voluntary for the client, and there will be the option of signing by another validation method, which will be the one proposed by Banca March, without giving the client the possibility of choosing a specific method. The customer will have the possibility of deactivating or cancelling the voice as a signature method at all times. To do this, they will have to go to the "Profile" section and then access Security. Deactivating the voice will mean that Banca March will not request it to sign operations, while cancelling it will mean erasing their voice print, so that they will not be able to use it again, unless they carry out a new registration process.

Banca March will use these permissions only to guarantee that the features operate correctly and never for any other purpose. Any permissions may be revoked by the customers at any time from the application's settings.

All the Personal Data that Banca March processes in relation to its customers are contained in the data collection documents used by Banca March, in addition to the data provided when applying for a product or service, whether on the website, via the call centre or the different Banca March branches, and through the data collection form while registering a communication from the Internal Information Channel.

Furthermore, Banca March may obtain Personal Data from:

  • Public records.
  • Official journals.
  • Entities that provide information on capital adequacy and non-payment.
  • Social media and the Internet.
  • Fraud prevention agencies.
  • Anti-money laundering databases.
  • The Spanish tax agency.
  • The Spanish social security service.

Banca March processes its customers' Personal Data in relation to:

The execution of a contract with a customer:

  • To manage an application from somebody interested in arranging Banca March or third-party products and services when arranged via Banca March and to maintain the contractual relationship. As regards third-party products, Banca March shall communicate the customer's Personal Data that are necessary to the company whose products and/or services are marketed by Banca March, with a view to simplifying and speeding up the process.
  • To handle any complaints, claims and suggests that customers may make in terms of the execution of the contract entered into between the customer and Banca March.
  • Furthermore, Banca March will process all the data generated as part of out-of-court and court proceedings and perform all the necessary processes to comply with these requirements.
  • To appraise goods against which the customer decides to constitute a right in rem, such as a mortgage, or when used in other transactions to constitute a guarantee.

To comply with a legal obligation:

  • To assess the capital adequacy and credit risk of the interested party. With a view to analysing the risk of the interested party and, as applicable, assess the suitability of the product being arranged or the need to adapt its validity to the constitution of a payment guarantee, Banca March will process the information provided and obtained by consulting internal files, in addition to third party capital adequacy files or consulting the Risk Information Unit at the Bank of Spain (CIRBE). Based on these consultations, Banca March may internally class its customers based on the level of risk and adopt legal decisions or that affect them, which may result in the product requested by the customer not being supplied or being dependent on the constitution of a payment guarantee, all based on the risk estimated by Banca March and the credit rating generated when analysing the information obtained.
  • As part of the fight against the financing of terrorism and serious organised crime and anti-money laundering, as part of the efforts to formally identify the participants or applicants for products offered by Banca March, in addition to the identification of their professional or business activities.
  • As regards the obligations generated under the anti-money laundering and counter terrorist financing regulations, Banca March may:
    (i) share this information with other Banca March Group companies or investee companies,
    (ii) report specific transactions to the Executive Service of the Commission for the Prevention of Money Laundering and Monetary Offences (SEPBLAC),
    (iii) obtain information on credit institutions and other payment service providers,
    (iv) periodically send information to the File on Financial Holdings.
  • To prepare certain reports to regulatory banking authorities, such as the Bank of Spain, the European Central Bank and the European Banking Authority.
  • With a view to ensuring compliance with European regulations in relation to the Financial Instruments Market (MiFID), Banca March may process personal data obtained by recording telephone calls.
  • To comply with an international regulation to exchange information on financial matters between tax administrations.
  • With a view to ensuring compliance with the private security regulations, Banca March performs video surveillance at its branches.
  • To comply with Law 2/23 of 20 February regulating the protection of people reporting regulatory infractions and the fight against corruption, Banca March maintains its Internal Information Channel for the purpose of managing and processing communications on alleged breaches of the Ethics and Conduct Code, the Criminal Risk Prevention System Policy, current regulations as well as other internal regulations that are mandatory for the entity.

The legitimate interest of Banca March:

The following activities are performed based on the legitimate interest of Banca March. Having performed a detailed analysis of these data processing activities and ensuring that the data protection rights of customers have not been breached:

  • Share the personal data of customers with other companies in the Banca March Group or its investee companies, external companies or shared systems in relation to the exchange of fraudulent activity exclusively for the purposes of preventing fraud.
  • Update personal data, whether using own sources (customer databases) or using data that the data subject has made public or other sources (official records, professional lists, etc.).
  • For exclusively administrative purposes, identification, bookkeeping, internal audits, managing claims or internal business appraisals, Banca March may share the data of its customers with other Banca March Group companies or its investee companies.
  • With a view to verifying the quality of its services, communications, procedures, the service received and products offered or to be offered, Banca March will perform satisfaction surveys amongst its customers.
  • To record calls involving customers to demonstrate the content of these calls or requests made as part of the contract entered into or, on occasion, assess or control the quality of the services provided. The customer will be informed that their call may be recorded and may object to this.
  • Make promotional communications regarding Banca March products and services, whether by ordinary media (mail or telephone) or electronically (email, SMS, instant messaging, app). To send customised offers about its products and services, Banca March may perform an analysis, using a customer scoring technique based on their credit risk, using the data provided by the customer to this end and the data generated as part of the relationship with Banca March (using information obtained from internal databases, historic behaviour in transactions that may have been performed in the past, commercial interests shared by the customer when using the service or in response to a survey, and the information identified or estimated by Banca March based on the credit risk reported by the customer in their contractual relationship).
  • Prepare basic profiles, including by using automated means, with a view to assessing and establishing the propensity score for specific products and customising the offer of these products. To prepare basic commercial profiles, we will analyse your preferences using the data generated as part of your relationship with Banca March, such as identification and contact details, economic and equity adequacy details, transaction details, the details of products and services taken out with Banca March or sold by the bank, data on the use of channels and services made available by Banca March, including browsing information collected and digital behaviour data obtained via platforms and units in relation to cookies or devices when you provide your consent as part of our cookies policy on the website or via mobile. The use of legitimate interest as a basis for this processing resides in the fact that the purpose of processing is to allow both general and targeted advertising to be sent to our customers, in relation to the execution of a contract.

The customer's express consent::

Banca March only processes data when the customer provides express consent in the following instances:

  • Asking the Spanish social security service for information on their professional or business activities with the sole purpose of verifying the information relating to the customer's economic and professional activities, as required to manage the product or service requested by the customer. If the customer does not consent to Banca March requesting this information, they must provide the necessary documentation for their professional or business activities to be identified.
  • Sending promotional information, whether by ordinary media (mail or telephone) or electronically (email, SMS, instant messaging, app), about the products and services offered by Banca March Group companies and its investee companies, such as insurance, property, etc. With a view to sending customised offers of products and services, Banca March may perform an analysis, using a customer scoring technique based on their credit risk, using the data provided by the customer to this end, the data generated as part of the relationship with Banca March (e.g. transactions) and data obtained from external sources.
  • Banca March may fill in the customer details with information obtained from internal databases, historic behaviour (i.e. transactions) in transactions undertaken in the past, commercial interests reported by the customer when using the service or based on survey responses, in addition to the information identified or estimated by Banca March based on the credit risk displayed by the company in their contractual relationship. Furthermore, Banca March may use other sources to this end (external companies, solvency files, Internet, etc.) or interactions that the data subject performs with Banca March (browsing and cookie data).
  • Assigning the personal data of customers to other Banca March Group companies, its investees or associates (mainly insurance companies) with a view to these being able to send customised advertising, whether by ordinary media (mail or telephone) or electronically (email, SMS, instant messaging, app).
  • Scanning the data subject's signature using any of the devices or tablets available at Banca March's branches to undertake any type of transaction, request, instruction, contract, order, statement or document, when signing by means of such a device requires the processing and storage of the customer's biometric data and registration of these data with a view to accrediting the signatory's identity and the authenticity of the documentation or transaction subscribed.
  • Obtaining information from third parties in relation to guarantors or affected third parties (beneficiaries, relatives, etc) when required in the contract entered into by the customer, with the customer expressly stating that the third-party information provided is accurate and reliable and that they have been informed about the transfer of their data and their consent has been obtained.
  • Processing the personal data of minors who wish to contract products or affected by contracts entered into by the customer (i.e. representatives), only when duly authorised by the signing legal representative (mother, father, guardian).
  • Processing their data, once the contractual relationship has come to an end, with a view to providing the conditions to retain them as Banca March customers. To this end, Banca March may get in touch with you either by ordinary media or electronically.

By the following means:

  • Specific boxes in online or hard copy forms.
  • Telephone calls.
  • Scanned signature accrediting the customer's acceptance.

The accessible personal data will be processed as long as the contractual relationship remains in place. To this end, there are certain rules that require that Banca March store documentation for a period of time. Banca March, pursuant to the obligation set out in the Law on Anti-Money Laundering and Counter Terrorist Financing will store personal data for a period of 10 years following the termination of the business relationship.

The personal data provided through the Internal Information Channel will be kept only for the time strictly required to decide the initiation of investigations and, in any case, they will be deleted from the communication channel after three months, unless the purpose of their maintenance is to leave evidence of the operation of the model for preventing the commission of crimes by the legal entity, in which case, the data may continue to be processed by the body in charge of the investigation of the reported events, but they may not be kept within the channel’s own communication system. Likewise, communications that have not been processed will only be recorded in anonymised form.

Banca March communicates its customers' data to:

  • Public authorities and institutions of the General State Administration, of Regional and Local Administrations, including the courts to which it is legally bound to provide this information to.
  • National and international tax authorities. 
  • Supervisory authorities in the finance industry in order to comply with legal obligations.
  • Supervisory bodies regarding the Internal Information System, based on compliance with legal obligations.
  • When the customer contracts collective investment vehicles and pension funds, the data will be communicated to the management company of collective investment schemes. 
  • In terms of transfers, contracting other products that entails communications with an external institution, the data will be sent to said institution at the customer's request. 
  • Joint capital adequacy and credit risk files (joint files regarding non-compliance with monetary obligations to the Risk Information Unit at the Bank of Spain).
  • For administrative purposes and to prevent fraudulent conduct, the customer's data may be sent to different Banca March Group, external companies or centralised information systems.
  • With the data subject's consent, the different Banca March Group companies, investee companies and external partners (mainly insurance companies).
  • Potential buyers or investors. 
  • External service providers that may access the personal data of customers to provide their services, including but not limited to lawyers, solicitors, consultancy services, advisory services, IT development and maintenance as well as applications or solutions, physical security, video surveillance, administrative services and document destruction. Banca March pre-selects these suppliers based on their compliance with data protection regulations and has entered into specific contracts in relation to this matter, controlling their compliance with their obligations.

The personal data of Banca March customers may be transferred to suppliers located in third countries for the provision of certain services associated with the execution of their contracts. In any case, prior to such transfers, Banca March will take all necessary safeguards to ensure that the conditions affecting these transfers are adequate. In particular, Banca March will adopt one of the following safeguards:

  • Standard data protection clauses (commonly applied);
  • Binding corporate rules;
  • Codes of conduct;
  • Certification mechanisms.

The customer can exercise their rights of access, rectification and erasure and limitation of processing, opposing the processing of their data or requesting the portability of their data through Banca March's Customer Service.

If a customer believes that their data protection rights have been infringed or if they have any complaints about their personal information, they may contact the Data Protection Officer of Banca March at the following email address dpo@bancamarch.es. Data subjects can also contact the Spanish Data Protection Agency, the data protection control authority. Calle Jorge Juan, 6, 28001, Madrid. Tel.: 901 100 099 / 912 663 517.

The Banca March Group is divided between the two activities it performs. Firstly, banking activities, in addition to insurance and the management of collective investment schemes; secondly, investment activities, dedicated to investing in industrial holdings.

Banca March S.A., the parent company, has been undertaking the Group's banking activity since 1926. The group's insurance business is delivered through March Risk Solutions and March Vida, S.A. de Seguros y Reaseguros. The management of collective investment undertakings is delivered through March Asset Management, S.G.I.I.C., S.A. and March Gestión de Pensiones, S.G.F.P., S.A. respectively. The Group also has a risk capital management company under the name of March Private Equity, S.G.E.I.C., S.A.

Furthermore, Banca March, S.A. holds 100% of the shares in Banco Inversis, S.A., a leader in the Spanish financial system, specialising in the provision of investment services related to the execution, safekeeping and settlement of securities (including investment funds), the administration and depositary of collective investment schemes and pension funds and the distribution of investment funds for the main international managers through its fund platform.

Download full content

Data protection

End of main content

.